Teleport Workload Identity with SPIFFE: Achieving Zero Trust in Modern Infrastructure
May 23
Virtual
Register Today
Support
LOG IN
Teleport logoTry For Free
Contact SalesTry for Free
Support
LOG IN
Home > Teleport Academy > Authentication and Privileges

What are Access Requests?

Posted 25th Feb 2024 by Travis Swientek
What is Secretless (Passwordless) Authentication?
What are Access Requests?
What is Authorization?
What are Ephemeral Privileges?
What is Just-In-Time (JIT) access?
Principle of Least Privilege: What It Is & How to Implement It
What is RBAC?
Configure RBAC for Kubernetes EKS
RBAC for Google Cloud Kubernetes Engine (GCP GKE)
What is ABAC?
What is MAC (Mandatory Access Control)?
What is OAuth 2.0 (Open Authorization)?
What is FIDO (Fast IDentity Online)?
What is U2F (Universal 2nd Factor)?
What is WebAuthn?
What is OIDC (Open ID Connect)?
What Is SAML (Security Assertion Markup Language)?
The Failures of Shared Secrets and How We Can Replace Them
How to Configure Single Sign-On (SSO) for Accessing AWS EKS Clusters
Just-in-Time Access for Amazon EKS
Authenticating GCP GKE with Google Workspace SSO
Authenticating AWS EKS Kubernetes Clusters with Google Workspace SSO
Authenticating AWS EKS Kubernetes Clusters with GitHub SSO
Authenticating Azure AKS Kubernetes Clusters with GitHub SSO
Authenticating Google Kubernetes Engine Clusters with Okta SSO
Authenticating AWS EKS Kubernetes Clusters with Okta SSO
Authenticating Azure AKS Kubernetes Clusters with Okta SSO
Configuring Okta as an Identity Provider for Kubernetes Clusters
Azure AKS RBAC

Access requests support the principle of least privilege by ensuring individuals have access only to the resources necessary for their specific tasks, thereby minimizing potential security risks.

Access requests form a critical component of modern identity and access management (IAM) systems, facilitating a structured and auditable method for users to gain temporary elevated privileges or roles. This mechanism supports the principle of least privilege by ensuring individuals have access only to the resources necessary for their specific tasks, thereby minimizing potential security risks.

How Access Requests Work

  • Permissions and Roles: Access requests allow users to seek specific or request temporary elevated permissions or roles, such as db_admin, that are essential for performing particular functions within an organization's infrastructure.
  • Workflows and Automation: The process is typically governed by automated workflows that streamline the request and approval phases, integrating seamlessly with collaboration tools like Slack or PagerDuty for efficient stakeholder communication.
  • Self-Service Functionality: This approach empowers users with self-service capabilities, enabling them to request access as needed while still maintaining tight security controls and compliance with data protection regulations such as GDPR and CCPA.
  • Access Control and Audit Trails: Through the lifecycle of an access request, from initiation to approval and eventual revocation, the system maintains a detailed audit trail. This documentation is crucial for compliance, security policies adherence, and mitigating unauthorized access risks.
  • Security and Compliance: By centralizing the access request management, organizations can better protect sensitive data from breaches, ensure compliance with relevant regulations, and reduce the likelihood of human error compromising security.

Challenges with Access Requests

Companies that extend systems that are purpose-built for IT access use cases tp modern computing environments frequently run into the following issues:

  • The systems do not provide user-friendly processes for DevOps users, making the access request workflow cumbersome.
  • All access requests are manually processed, slowing down engineers while they wait for approvals, and placing a high operational burden on IT staff.

Teleport's Take

Teleport’s access request feature, part of Teleport Identity, is purpose-built for modern computing environments and DevOps workflow, providing a secure, efficient, user-friendly, and scalable method for temporarily elevating privileges to infrastructure resources. Teleport's approach to access requests emphasizes:

  • Configurable approval processes: Approval workflows can be designed to be automated, routed, or set for more complex dual approvals and moderator requirements.
  • Integration with DevOps tools: Teleport integrates with popular DevOps tools for making and approving access requests, such as Slack, PagerDuty, and more.
  • Short-lived approvals: Teleport grants approvals for a predefined duration, after which access rights expire. This hardens security posture by removing standing privileges or persistence of overprivileged accounts, thwarting “breach, then pivot” strategies by bad actors and limiting blast radius.
  • Compliance and Data Privacy: With its robust access control and audit capabilities, Teleport aids organizations in meeting strict compliance requirements and data privacy standards, providing detailed reports that document access requests and approvals, as well as recording sessions.

By marrying the flexibility of self-service access requests with the stringent security measures of zero trust principles, Teleport offers a solution that not only mitigates the risk of unauthorized access and data breaches but also enhances the overall user experience. This ensures that team members can collaborate effectively and access the specific resources they need, all while maintaining the highest standards of security, data privacy, and regulatory compliance.

What is Secretless (Passwordless) Authentication?
What are Access Requests?
What is Authorization?
What are Ephemeral Privileges?
What is Just-In-Time (JIT) access?
Principle of Least Privilege: What It Is & How to Implement It
What is RBAC?
Configure RBAC for Kubernetes EKS
RBAC for Google Cloud Kubernetes Engine (GCP GKE)
What is ABAC?
What is MAC (Mandatory Access Control)?
What is OAuth 2.0 (Open Authorization)?
What is FIDO (Fast IDentity Online)?
What is U2F (Universal 2nd Factor)?
What is WebAuthn?
What is OIDC (Open ID Connect)?
What Is SAML (Security Assertion Markup Language)?
The Failures of Shared Secrets and How We Can Replace Them
How to Configure Single Sign-On (SSO) for Accessing AWS EKS Clusters
Just-in-Time Access for Amazon EKS
Authenticating GCP GKE with Google Workspace SSO
Authenticating AWS EKS Kubernetes Clusters with Google Workspace SSO
Authenticating AWS EKS Kubernetes Clusters with GitHub SSO
Authenticating Azure AKS Kubernetes Clusters with GitHub SSO
Authenticating Google Kubernetes Engine Clusters with Okta SSO
Authenticating AWS EKS Kubernetes Clusters with Okta SSO
Authenticating Azure AKS Kubernetes Clusters with Okta SSO
Configuring Okta as an Identity Provider for Kubernetes Clusters
Azure AKS RBAC

Table of Contents

Background image

Teleport Enterprise

Protect your infrastructure with essential security & compliance capabilities

Tags
access requests
elevated privileges
principle of least privilege